Security Bulletin: Multiple vulnerabilities exist in IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2013-4025, CVE-2013-4024, CVE-2013-4022)

Abstract Multiple vulnerabilities exist in IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert for Linux, UNIX and Windows which could allow an attacker to view sensitive information or perform actions as a compromised user...

Security Bulletin: Vulnerability in SSLv3 affects IBM InfoSphere Optim Configuration Manager (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that is referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM® InfoSphere® Optim™ Configuration Manager. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: IBM InfoSphere Optim Configuration Manager...

CVE-2013-4022

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access...

Design/Logic Flaw

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain...

Design/Logic Flaw

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network...

Design/Logic Flaw

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access...

CVE-2013-4025

CVE-2013-4025 affects IBM Data Studio Web Console (3.x before 3.2), Optim Performance Manager (5.x before 5.2), InfoSphere Optim Configuration Manager (2.x before 2.2), and DB2 Recovery Expert (2.x). The root cause is lack of an off autocomplete attribute on the login-password field, enabling an ...

CVE-2013-4022

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access...

CVE-2013-4024

CVE-2013-4024 affects IBM Data Studio Web Console (3.x before 3.2), Optim Performance Manager (5.x before 5.2), InfoSphere Optim Configuration Manager (2.x before 2.2), and DB2 Recovery Expert (2.x). The issue arises from the Web Console serving over HTTP, allowing remote attackers to read sessio...